Air-Gapped Installations#
For security purposes, some installations require that systems be isolated from the internet or outside networks.
An air-gapped system is not connected to an unsecured network, such as the public Internet, to an unsecured LAN, or to other computers that are connected to an unsecured network. The default mechanisms to update software on DGX systems and loading container images from the NGC Container Registry require an Internet connection. On an air-gapped system, which is isolated from the Internet, you must provide alternative mechanisms to update software and load container images.
Since most DGX software updates are completed through an over-the-network process with NVIDIA servers, this section explains how updates can be made when using an over-the-network method is not an option. It also includes a process to install Docker containers.
Here are the methods you can use:
Download the ISO image, copy it to removable media and then reimage the DGX System from the media.
This method is available only for software versions that are available as ISO images for download. For details, see Reimaging the System This section provides information about how to install the DGX OS.
Update the DGX software by performing a network update from a local repository.
This method is available only for software versions that are available for over-the-network updates.
Note
If you are using apt-mirror
version 0.5.4-1 or higher, the following method described in this
topic does not successfully update the repositories. To work around this issue, refer to
Errors Occur When Loading Mirrored Repositories on Air-Gapped Systems in the Known Issues
section for an alternative method.
Creating a Local Mirror of the NVIDIA and Canonical Repositories#
Here are the steps to download the necessary packages to create a mirror of the repositories that are needed to update NVIDIA DGX systems. For more information on DGX OS versions and the release notes available, refer to Release Notes
Note
These procedures apply only to upgrades in the same major release, such as from 5.x to 5.y. The steps do not support upgrades across major releases, such as from DGX OS 5 to DGX OS 6.
Identify the sources that correspond to the public NVIDIA and Canonical repositories that provide updates to the DGX OS.
You can identify these sources from the
/etc/apt/sources.list
file and the contents of the/etc/apt.sources.list.d/
directory, or by using [System Settings, Software & Updates].Create and maintain a private mirror of the repository sources that you identified in the previous step.
Update the sources that provide updates to the DGX system to use your private repository mirror instead of the public repositories.
To update these sources, modify the /etc/apt/sources.list
file and the
contents of /etc/apt.sources.list.d/
directory.
Creating the Mirror of the Repositories#
The instructions in this section are to be performed on a system with internet access.
A system installed with Ubuntu OS is needed to create the mirror because there are several Ubuntu tools that need to be used.
You must be logged in to the system installed with Ubuntu OS as an administrator user because this procedure requires
sudo
privileges.The system must contain enough storage space to replicate the repositories to a file system. The space requirement could be as high as 250 GB.
An efficient way to move large amount of data is needed, for example, shared storage in a DMZ, or portable USB drives that can be brought into the air-gapped area.
The data will need to be moved to the systems that need to be updated. Make sure that any portable drives are formatted using ext4 or FAT32.
To create the mirror:
Ensure that the storage device is attached to the system with network access and identify the mount point of the device.
Here is a sample mount point that was used in these instructions:
/media/usb/repository
Install the
apt-mirror
package.sudo apt update
sudo apt install apt-mirror
Change the ownership of the target directory to the
apt-mirror
user in theapt-mirror
group.sudo chown apt-mirror:apt-mirror /media/usb/repository
The target directory must be owned by the user
apt-mirror
or the replication will not work.Configure the path of the destination directory in
/etc/apt/mirror.list
and use the included list of repositories below to retrieve the packages for both Ubuntu base OS and the NVIDIA DGX OS packages.############# config ################## # set base_path /media/usb/repository #/your/path/here # # set mirror_path $base_path/mirror # set skel_path $base_path/skel # set var_path $base_path/var # set cleanscript $var_path/clean.sh # set defaultarch <running host architecture> # set postmirror_script $var_path/postmirror.sh set run_postmirror 0 set nthreads 20 set _tilde 0 # ############# end config ############## # Standard Canonical package repositories: deb http://security.ubuntu.com/ubuntu jammy-security main multiverse universe restricted deb http://archive.ubuntu.com/ubuntu/ jammy main multiverse universe restricted deb http://archive.ubuntu.com/ubuntu/ jammy-updates main multiverse universe restricted # deb-i386 http://security.ubuntu.com/ubuntu jammy-security main multiverse universe restricted deb-i386 http://archive.ubuntu.com/ubuntu/ jammy main multiverse universe restricted deb-i386 http://archive.ubuntu.com/ubuntu/ jammy-updates main multiverse universe restricted # # CUDA specific repositories: deb http://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64/ / # # DGX specific repositories: deb http://repo.download.nvidia.com/baseos/ubuntu/jammy/x86_64/ jammy common dgx deb http://repo.download.nvidia.com/baseos/ubuntu/jammy/x86_64/ jammy-updates common dgx # deb-i386 http://repo.download.nvidia.com/baseos/ubuntu/jammy/x86_64/ jammy common dgx deb-i386 http://repo.download.nvidia.com/baseos/ubuntu/jammy/x86_64/ jammy-updates common dgx # Clean unused items clean http://archive.ubuntu.com/ubuntu clean http://security.ubuntu.com/ubuntu
Run
apt-mirror
and wait for it to finish downloading content.This will take a long time depending on the network connection speed.
sudo apt-mirror
Eject the removable storage with all packages.
sudo eject /media/usb/repository
Configuring the Target Air-Gapped System#
Here are the steps that explain how you can configure a target air-gapped DGX OS 6 system.
The instructions in this section are to be performed on the target air-gapped DGX system.
The target air-gapped DGX system is installed, has gone through the first boot process, and is ready to be updated with the latest packages.
The USB storage device on which the mirrors were created is attached to the target DGX system.
There are other ways to transfer the data that are not covered in this document as they will depend on the data center policies for the air-gapped environment.
Mount the storage device on the air-gapped system to
/media/usb/repository
for consistency2. Configure the apt command to use the file system as the repository in the file/etc/apt/sources.list
by modifying the following lines.deb file:///media/usb/repository/mirror/security.ubuntu.com/ubuntu jammy-security main multiverse universe restricted deb file:///media/usb/repository/mirror/archive.ubuntu.com/ubuntu/ jammy main multiverse universe restricted deb file:///media/usb/repository/mirror/archive.ubuntu.com/ubuntu/ jammy-updates main multiverse universe restricted
Configure
apt
to use the NVIDIA DGX OS packages in the/etc/apt/sources.list.d/dgx.list
file.deb file:///media/usb/repository/mirror/repo.download.nvidia.com/baseos/ubuntu/jammy/x86_64/ jammy main dgx deb file:///media/usb/repository/mirror/repo.download.nvidia.com/baseos/ubuntu/jammy/x86_64/ jammy-updates main dgx
Configure [apt] to use the NVIDIA CUDA packages in the
/etc/apt/sources.list.d/cuda-compute-repo.list
file.deb file:///media/usb/repository/mirror/developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64/ /
Update the
apt
repository.sudo apt update
The output from this command is similar to the following example.
Get:1 file:/media/usb/repository/mirror/security.ubuntu.com/ubuntu jammy-security InRelease [107 kB] Get:2 file:/media/usb/repository/mirror/archive.ubuntu.com/ubuntu jammy InRelease [265 kB] Get:3 file:/media/usb/repository/mirror/archive.ubuntu.com/ubuntu jammy-updates InRelease [111 kB] Get:4 file:/media/usb/repository/mirror/developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64 InRelease Get:5 file:/media/usb/repository/mirror/repo.download.nvidia.com/baseos/ubuntu/jammy/x86_64 jammy InRelease [12.5 kB] Get:6 file:/media/usb/repository/mirror/repo.download.nvidia.com/baseos/ubuntu/jammy/x86_64 jammy-updates InRelease [12.4 kB] Get:7 file:/media/usb/repository/mirror/developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64 Release [697 B] Get:8 file:/media/usb/repository/mirror/developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64 Release.gpg [836 B] Reading package lists... Done
Upgrade the system using the newly configured local repositories.
sudo apt full-upgrade